skip to main content

Title: Security of GPS/INS Based On-road Location Tracking Systems
Location information is critical to a wide variety of navigation and tracking applications. GPS, today's de-facto outdoor localization system has been shown to be vulnerable to signal spoofing attacks. Inertial Navigation Systems (INS) are emerging as a popular complementary system, especially in road transportation systems as they enable improved navigation and tracking as well as offer resilience to wireless signals spoofing and jamming attacks. In this paper, we evaluate the security guarantees of INS-aided GPS tracking and navigation for road transportation systems. We consider an adversary required to travel from a source location to a destination and monitored by an INS-aided GPS system. The goal of the adversary is to travel to alternate locations without being detected. We develop and evaluate algorithms that achieve this goal, providing the adversary significant latitude. Our algorithms build a graph model for a given road network and enable us to derive potential destinations an attacker can reach without raising alarms even with the INS-aided GPS tracking and navigation system. The algorithms render the gyroscope and accelerometer sensors useless as they generate road trajectories indistinguishable from plausible paths (both in terms of turn angles and roads curvature). We also design, build and demonstrate that the more » magnetometer can be actively spoofed using a combination of carefully controlled coils. To experimentally demonstrate and evaluate the feasibility of the attack in real-world, we implement a first real-time integrated GPS/INS spoofer that accounts for traffic fluidity, congestion, lights, and dynamically generates corresponding spoofing signals. Furthermore, we evaluate our attack on ten different cities using driving traces and publicly available city plans. Our evaluations show that it is possible for an attacker to reach destinations that are as far as 30 km away from the actual destination without being detected. We also show that it is possible for the adversary to reach almost 60--80% of possible points within the target region in some cities. Such results are only a lower-bound, as an adversary can adjust our parameters to spend more resources (e.g., time) on the target source/destination than we did for our performance evaluations of thousands of paths. We propose countermeasures that limit an attacker's ability, without the need for any hardware modifications. Our system can be used as the foundation for countering such attacks, both detecting and recommending paths that are difficult to spoof. « less
; ;
Award ID(s):
1850264 1661532
Publication Date:
Journal Name:
2019 IEEE Symposium on Security and Privacy (SP)
Page Range or eLocation-ID:
Sponsoring Org:
National Science Foundation
More Like this
  1. Although some existing counterdrone measures can disrupt the invasion of certain consumer drone, to the best of our knowledge, none of them can accurately redirect it to a given location for defense. In this paper, we proposed a Drone Position Manipulation (DPM) attack to address this issue by utilizing the vulnerabilities of control and navigation algorithms used on consumer drones. As such drones usually depend on GPS for autopiloting, we carefully spoof GPS signals based on where we want to redirect a drone to, such that we indirectly affect its position estimates that are used by its navigation algorithm. Bymore »carefully manipulating these states, we make a drone gradually move to a path based on our requirements. This unique attack exploits the entire stack of sensing, state estimation, and navigation control together for quantitative manipulation of flight paths, different from all existing methods. In addition, we have formally analyzed the feasible range of redirected destinations for a given target. Our evaluation on open-source ArduPilot system shows that DPM is able to not only accurately lead a drone to a redirected destination but also achieve a large redirection range.« less
  2. Given a spatial graph, an origin and a destination, and on-board diagnostics (OBD) data, the energy-efficient path selection problem aims to find the path with the least expected energy consumption (EEC). Two main objectives of smart cities are sustainability and prosperity, both of which benefit from reducing the energy consumption of transportation. The challenges of the problem include the dependence of EEC on the physical parameters of vehicles, the autocorrelation of the EEC on segments of paths, the high computational cost of EEC estimation, and potential negative EEC. However, the current cost estimation models for the path selection problem domore »not consider vehicles’ physical parameters. Moreover, the current path selection algorithms follow the “path + edge” pattern when exploring candidate paths, resulting in redundant computation. Our preliminary work introduced a physics-guided energy consumption model and proposed a maximal-frequented-path-graph shortest-path algorithm using the model. In this work, we propose an informed algorithm using an admissible heuristic and propose an algorithm to handle negative EEC. We analyze the proposed algorithms theoretically and evaluate the proposed algorithms via experiments with real-world and synthetic data. We also conduct two case studies using real-world data and a road test to validate the proposed method.« less
  3. For high-level Autonomous Vehicles (AV), localization is highly security and safety critical. One direct threat to it is GPS spoofing, but fortunately, AV systems today predominantly use Multi-Sensor Fusion (MSF) algorithms that are generally believed to have the potential to practically defeat GPS spoofing. However, no prior work has studied whether today’s MSF algorithms are indeed sufficiently secure under GPS spoofing, especially in AV settings. In this work, we perform the first study to fill this critical gap. As the first study, we focus on a production-grade MSF with both design and implementation level representativeness, and identify two AV-specific attackmore »goals, off-road and wrong-way attacks. To systematically understand the security property, we first analyze the upper-bound attack effectiveness, and discover a take-over effect that can fundamentally defeat the MSF design principle. We perform a cause analysis and find that such vulnerability only appears dynamically and non-deterministically. Leveraging this insight, we design FusionRipper, a novel and general attack that opportunistically captures and exploits take-over vulnerabilities. We evaluate it on 6 real-world sensor traces, and find that FusionRipper can achieve at least 97% and 91.3% success rates in all traces for off-road and wrongway attacks respectively. We also find that it is highly robust to practical factors such as spoofing inaccuracies. To improve the practicality, we further design an offline method that can effectively identify attack parameters with over 80% average success rates for both attack goals, with the cost of at most half a day. We also discuss promising defense directions.« less
  4. Abstract As Arctic open water increases, shipping activity to and from mid- and western Russian Arctic ports to points south has notably increased. A number of Arctic municipalities hope increased vessel traffic will create opportunities to become a major transshipment hub. However, even with more traffic passing these ports, it might still be economically cheaper to offload cargo at a more southern port, which may also result in lower emissions. Ultimately, the question of whether to use a transshipment in the Arctic versus an established major European port is determined by the relative costs (or emissions) of sea versus landmore »travel. This study calculates the relative competitiveness of six Norwegian coastal cities as multimodal hubs for shipments. We quantify the relative prices and CO 2 emissions for sea and land travel for routes starting at the Norwegian–Russian sea border with an ultimate destination in central Europe and find that all existing routes are not competitive with routes using the major existing Port of Rotterdam (Netherlands); even with investments in port expansion and modernization, they would be underutilized regardless of an increase in vessel traffic destined for central Europe. We then examine under what relative prices (emissions) these routes become economically viable or result in lower emissions than using existing southern ports. Notably, the cheapest routes generally produce the lowest emissions, and the most expensive routes tend to have the largest emissions. Communities should consider relative competitiveness prior to making large infrastructure investments. While some choices are physically possible, they may not be economically viable. Significance Statement Climate change, while disruptive, can also create new opportunities. Many Arctic cities hope to become a major transshipping hub as declining sea ice opens new shipping routes from western and mid-Russian Arctic ports to European ports. This paper quantifies the relative competitiveness of six Norwegian coastal cities as multimodal transportation hubs and finds that they are uncompetitive with the more southern port in Rotterdam (Netherlands). We also show that the most economically competitive routes have lower direct emissions. Thus, while Arctic ports provide critical services in support of local and regional economic activity, even with year-round Arctic navigation Arctic ports’ development into major transshipment hubs for cargo destined for more distant locations may be neither economically viable nor desirable.« less
  5. Internet of Vehicles (IoV) in 5G is regarded as a backbone for intelligent transportation system in smart city, where vehicles are expected to communicate with drivers, with road-side wireless infrastructure, with other vehicles, with traffic signals and different city infrastructure using vehicle-to-vehicle (V2V) and/or vehicle-to-infrastructure (V2I) communications. In IoV, the network topology changes based on drivers' destination, intent or vehicles' movements and road structure on which the vehicles travel. In IoV, vehicles are assumed to be equipped with computing devices to process data, storage devices to store data and communication devices to communicate with other vehicles or with roadside infrastructuremore »(RSI). It is vital to authenticate data in IoV to make sure that legitimate data is being propagated in IoV. Thus, security stands as a vital factor in IoV. The existing literature contains some limitations for robust security in IoV such as high delay introduced by security algorithms, security without privacy, unreliable security and reduced overall communication efficiency. To address these issues, this paper proposes the Elliptic Curve Cryptography (ECC) based Ant Colony Optimization Ad hoc On-demand Distance Vector (ACO-AODV) routing protocol which avoids suspicious vehicles during message dissemination in IoV. Specifically, our proposed protocol comprises three components: i) certificate authority (CA) which maps vehicle's publicly available info such as number plates with cryptographic keys using ECC; ii) malicious vehicle (MV) detection algorithm which works based on trust level calculated using status message interactions; and iii) secure optimal path selection in an adaptive manner based on the intent of communications using ACO-AODV that avoids malicious vehicles. Experimental results illustrate that the proposed approach provides better results than the existing approaches.« less